Strange [sharepoint] authentication problems with O365 Hybrid environment

  • Question

  • Our office moved to an Office 365 environment about a year ago and yes, we had lots of problems at the beginning, but we have solved those so far and we actually had a very good autumn, without any major Office 365 / Azure based incidents.

    But when Microsoft introduced this new sign-in method to Office 365, our users started reporting login issues with SharePoint (where our intranet is located). Basically, Internet Explorer just hangs ("Not Responding") after the user clicks on his user account and the browser starts looking for the login.onmicrosoft.com URL. I have been trying to solve this problem for a couple of months now, and it seems that it might have something to do with the password/authentication, which is why I didn't write this in the SharePoint category.

    In most cases this problem occurs shortly after the user has changed the on-premises AD password on the workstation due to the expiration time (60 days). This password is correctly synced to the cloud, so the problem is not with the sync. After the password change, a user may use the computer for a few days before the problem begins and Internet Explorer starts hanging on the login screen.

    What I have tried so far:

    • Different workstation and same user = OK
    • Different browser on same workstation = OK
    • Clearing Cache = OK'ish... The problem returns the next morning
    • Using Old Style login and then logging the user out = OK (Not possible anymore as the old style login is not available)
    • Resetting Internet Explorer, then logging into our SharePoint and logging off = Working Fix

    Yes, we have a working fix for this issue, but something is still fishy in our environment, and because this problem occurs every time after a user has changed the AD password, I would like to have an ultimate fix for this.

    My guess is that we have an issue with our expiration periods somewhere, but I don't know how those work, so I don't have a clue where to look.

    Our system is:

    • Office 365 E3 + Mobile Security
    • Hybrid Environment On-prem AD
    • AD writes to Cloud
    • Azure AD Premium is not controlling users or groups
    • MFA is controlled by On-Premises system

    Any ideas are welcome!

    Tuesday, March 6, 2018 1:47 PM